o 

CD 



CD 
CD 



\ 



an 
o 




CO 

CQ 
CD 



CD 
CXI 




CXI 



CO 




CO 



en 



CD 
LU 



o 



CD 

CO 
CO 
LU 
OC 
CD 
CD 



CD 
O 
CD 



CJ> 



O 
CD 



CD 



CD 
LO 



CD 



WRITE 


CO 
LO 


WRITE 


co 

LO 


WRITE 


o 

CO 


SOLUTION 


LL. 

DC 




QC 


ca 




i i i 

a< 

ad 

CO 






SHIFTER/ALU 


FP ADD/SUB 




SUM PRODUCT 


FP SUM PRODUCT 




COND.CODEBYP 
BR. RESOLUTION 


LD/STDATA 






SHIFTER 


FP ADD/SUB 




INT/MM MULTIPLY 


FP MULTIPLY 




COND.CODEBYP 
BR. RESOLUTION 


ADDRESS CALC. 








FP ALIGNMENT 




INT/MM MULTIPLY 


FP MULTIPLY 




COND.CODE 
BYPASS 


READ 




READ 




READ 




D. CODE 
PASS 


Li- 
ce: 


Osl 


LI- 
CE: 


CO 


Li- 
ce: 


Od 
CO 





CNJ 
CO 



O z nz 

CO mi CD 



CO 

CO zz> 



co Od COl 
OO LU CO 

X > I 

o 

CD 



LU | — i i i 

> CD ^ CO 
i= 13 ^ CO 

co —J 



ac 




LU 

CO 




OO f w-* 

x S2 








5c 





Z C_3 

g y id ^ it: s 



190 

/ 194 196 ^ SIZES 





I I 


ISA 

I 


XP 

(CC) , 


ds1 

I 


dsO 


cOs1 
I I 


cOsO 


63 












198 


56 





- Modes 






► 








pnz 


pez 
I I 


v86 

I 


real 

I 


smm 

I 




TAXi 
, ACTIVE , 





55 48 



192 < 





CONTROL 


FLOATING-POINT 
TOP-OF-STACK 






l TRANSFER | , , 


I I I 


► 


47 






40 




- PSEUDO FLOATING - POINT TAG WORD 









I I I I 


I I I 


► 


39 






32 


I I I I l l l 


31 






24 


l l I I I I l 


23 






16 


I i i i I I i 


15 






8 


I I I I I I I 



FIG. 1E 



0 



I-TLB 
PROPERTY 
BITS 


DECODED PROPERTY 
VALUES 


PROTECTED 


inollwOllulio 

SENT 
TO - 


COLLECT 
PROFILE 
TRACE- 
PACKETS? 


PRDRF FDR 
ri\UDC r\Jr\ 

TRANSLATED 
CODE 


I/O 
MEMORY 
REFERENCE 
EXCEPTIONS 


ISA 
194 


CC 
200 


r 


INTERPRETATION 

iii i Li\r i\l. mi iv/ii 


00 


TAP 


TAP 


NO 


NATIVE CODE OBSERVING NATIVE 
RISCv CALLING CONVENTIONS 


NATIVE 
DECODER 


NO 


NO 


FAULT 
IFSEG.Ho 


01 


TAP 


x86 


NO 


NATIVE CODE OBSERVING x86 
CALLING CONVENTIONS 


NATIVE 
DECODER 


NO 


NO 


FAULT 
IFSEG.Ho 


10 


x86 


x86 


NO 


x86 CODE, UNPROTECTED- 
MX/ PROFILE COLLECTION ONLY 


x86 HW 
CONVERTER 


IF 

ENABLED 


NO 


TRAP 
IF PROFILING 


11 


x86 


x86 


YES 


X86CODE, PROTECTED- 
WX/ CODE MAY BE AVAILABLE 


X86HW 
CONVERTER 


IF 

ENABLED 


BASED ON 
l-TLB PROBE 
ATTRIBUTES 


TRAP 
IF PROFILING 



180,182, 
184,186 

204 



184,186 



FIG. 2A 



TRANSITION (SOURCE => DEST) 
ISA & CC PROPERTY VALUES 


HANDLER ACTION 


00 => 00 


NOTRANSITION EXCEPTION 


00 => 01 


VECT_m_X86_CC EXCEPTION - HANDLER CONVERTS FROM NATIVE TO x86 CONVENTIONS 


00 => 1x 


VECT xxx X86 CC EXCEPTION - HANDLER CONVERTS FROM NATIVE x86 CONVENTIONS, 

SETS UP EXPECTED EMULATOR AND PROFILING STATE 
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PUSH ARGS, RETURN ADDRESS, SETUP x86 STATE 


FAULTON TARGET INSTRUCTION 


VECTJump X86 CC 


SETUPX86 STATE 


FAULTON TARGET INSTRUCTION 


VECT ret no fp X86 CC 
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FAULTON TARGET INSTRUCTION 


VECT call TAP CC 
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FAULTON TARGET INSTRUCTION 
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VECT ret no fp TAP CC 


RETURN VALUE TO RVO 
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FAULT ON TARGET INSTRUCTION 
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MOVE PARAMETERS FROM 
MEMORY STACK TO 
REGISTERS 
-XD— 0 

CASE "10 n OR "11" RETURN: 
MOVE FUNCTION RETURN 
VALUE FROM X86 HOME 
TO TAPESTRY HOME 

CASE RESUME FROM EXCEPTION 
RESTORE TAPESTRY 
CONTEXT FROM 
SAVE SLOT 



FIG. 3A 



FLAT 32-BIT "NEAR" ADDRESS SPACE 



I-X86? RISC?— i 



TRANSPARENCY: 

. x86 CODE ADHERES TO TRADITIONAL 

x86 STACK-BASED CONVENTIONS 
. RISC USES HIGHER PERFORMANCE 

REGISTER-BASED CONVENTIONS 
.CALLER HAS NO KNOWLEDGE 

OF CALLEE'S ISA 
.CALLEE HAS NO KNOWLEDGE 

OF ISA TO WHICH IT WILL RETURN 




FIG. 3B 



FLAT 32-BIT "NEAR" ADDRESS SPACE 




X86-RISC TRANSITION: 
MAPx86 CALL TO RISC 
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343-348 (FIG. 31) 
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NO MAPPING REQUIRED 
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322 (FIG.3H) 



NO ISA TRANSITION: 
NO MAPPING REQUIRED 
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SETUPXD: 
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RET 
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X86-to Tapestry transition exception handler ^ 

II This handler is entered under the following conditions: 
// 1 . An x86 caller invokes a native function 
// 2. An x86 function returns to a native caller 

// 3. x86 software returns to or resumes an interrupted native function following 
// an external asynchronous interrupt, a processor exception, or a context switch 
r 321 

dispatch on the two least-significant bits of the destination address { 
case"00 M // calling a native subprogram 

// copy linkage and stack frame information and call parameters from the memory 

// stack to the analogous Tapestry registers 

LR— [SP++] // set up linkage register ~ 0A ■ 
AP— SP //address of first argument-^"^ 4 32 6 f3. 

SP— SP-8 //allocate return transfer argument area 3 o 7 
SP — SP & (-32) // round the stack pointer down to a 0 mod 32 boundary -^ oz 
XD — 0 // inform callee that caller uses X86 calling conventions 328 

case "01" // resuming an X86 thread suspended during execution of a native routine S 
if the redundant copies of the save slot number in EAX and EDX do not match or if "I « 7 1 
the redundant copies of the timestamp in EBX:ECX and ESI:EDI do not match { J 
// some form of bug or thread corruption has been detected 
goto TAPESTRY_CRASH_SYSTEM( thread-corruption-error-code ) 372 

save the EBX:ECX timestamp in a 64-bit exception handler temporary register "1 373 I 
(this will not be overwritten during restoration of the full native context) J * 
use save slot number in EAX to locate actual save slot storage-^- 374 
restore full entire native context (includes new values for all x86 registers) ^\o 7 c 
if save slot" s timestamp does not match the saved timestamp { - 376 
// save slot has been reallocated; save slot exhaustion has been detected 
goto TAPESTRY_CRASH_SYSTEM( save-slot-overwritten-error-code )"\. 377 

free the save slot ^""378 

easel 0" // returning from X86 callee to native caller, result already in registers 

RV0<63:32> — edx<31 :00> // in case result is 64 bits 333 . ^ 

convert the FP top-of-stack value from 80 bit X86 form to 64-bit form in RVDP ~\_oo>i [ 66 

SP —ESI // restore SP from time of call — ~ — 337 , 

case"1 1 n // returning from X86 callee to native caller, load large result from memory ; 

RV0..RV3 — load 32 bytes from [ESI-32] // (guaranteed naturally aligned) I ?9 

SP— ESI // restore SP from time of call x. 337 J 

EPC— EPC & -4 // reset the two low-order bits to zero-\ ooe 
RFE ^338 336 
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340 

/ 

Tapestry-to-X86 transition exception handler 

// This handler is entered under the following conditions: 
111. a native caller invokes an x86 function 
// 2. a native function returns to an x86 caller 
switch on XD<3:0>{ -\_ 341 

XD_RET_FP: // result type is floating point 

FO/FI — FINFLATE.de( RVDP) // X86 FP results are 80 bits 
SP— from RXA save // discard RXA, pad, args 

FPCW— image after FINIT & push // FP stack has 1 entry 
goto EXIT 

XD_RET_WRITEBACK: // store result to @RVA, leave RVA in eax 

RVA— from RXA save // address of result area 

copy decode(XD<8:4>) bytes from RV0..RV3 to [RVA] 
eax— RVA // X86 expects RVA in eax 

SP— from RXA save // discard RXA, pad, args 

FPCW— image after FINIT // FP stack is empty 

goto EXIT 

XD_RET_SCALAR: // result in eax:eda 

edx<31 :00> — eax<63:32> // in case result is 64 bits 

SP— f ram RXA save // discard RXA, pad , args 

FPCW— image after FINIT // FP stack is empty j 

goto EXIT 

XD_CALL_HIDDEN_TEMP: // allocate 32 byte aligned hidden temp^3 43 
esi— SP // stack cut back on return 

SP— SP - 32 // allocate max size temp 1 344 

RVA— SP //RVA consumed later by RR J 

LR<1 :0> —"11" // flag address for return & reload ^ 

goto CALL_COMMON 345 

default: // remaining XD_CALL_xxx encodings 

esi— SP // stack cut back on return 

LR<1 :0> —"1 0" // flag address for return ^ 343 

CALL.COMMON: 347 ^ 34 6 

interpret XD to push and/or reposition args S 
[-SP]— LR // push LR as return address - 

EXIT: \ 348 

setup emulator context and profiling ring buffer pointer 

} x-349 

RFE^ //to original target 

} 

FIG. 31 



350 

interrupt/exception handler of Tapestry operating system: ^ 
II Control vectors here when a synchronous exception or asynchronous interrupt is to be 
// exported to / manifested in an x86 machine. 

//The interrupt is directed to something within the virtual X86, and thus there is a possibility 
// that the X86 operating system will context switch. So we need to distinguish two cases: 
// either the running process has only X86 state that is relevant to save, or 
// there is extended state that must be saved and associated with the current machine context 
// (e.g., extended state in a Tapestry library call in behalf of a process managed by X86 OS) 
if execution was interrupted in the converter - EPC.ISA == X86 { "I 
// no dependence on extended/native state possible, hence no need to save any f351 
goto E M 86_Del i ve r_l n term pt( interrupt-byte ) J 
} else if EPC.TaxLActive { 

//A Taxi translated version of some X86 code was running. Taxi will rollback to an 
// x86 instruction boundary. Then, if the rollback was induced by an asynchronous external 
// interrupt, Taxi will deliver the appropriate x86 interrupt. Else, the rollback was induced y 
// by a synchronous event so Taxi will resume execution in the converter, retriggering the ' 
// exception but this time with EPC.ISA == X86 
goto TAXi_Rollback( asynchronous-flag , interrupt-byte ) 
}elseifEPC.EM86{ 

// The emulator has been interrupted. The emulator is coded to allow for such 
// conditions and permits re-entry during long running routines (e.g. far call through a gate) 
// to deliver external interrupts 
goto EM86_Deliver_lnterrupt( interrupt-byte ) 



} else { 



// This is the most difficult case - the machine was executing native Tapestry code on ^ 
// behalf of an X86 thread. The X86 operating system may context switch. We must save 
// all native state and be able to locate it again when the x86 thread is resumed. 
r 361 

allocate a free save slot; if unavailable free the save slot with oldest timestamp and try again 
save the entire native state (both the X86 and the extended state) N fi2 
save the X86 EIP in the save slot J r 363 

overwrite the two low-order bits of EPC with "01 " (will become X86 interrupt EIP) y )> 
store the 64-bit timestamp in the save slot, in the X86 EBX:ECX register pair (and, \ qR4 

for further security, store a redundant copy in the X86 ESI:EDI register pair) J* 
store the a number of the allocated save slot in the X86 EAX register (and, again fori 

further security, store a redundant copy in the X86 EDX register) J 6bi> 

goto EM86_Deliver_lnterrupt( interrupt-byte ) 
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typedef struct { 
save_slot_t * 
save_slot_t * 
unsigned int64 
unsigned int64 
unsigned int64 

timestampj 
int 

boolean 
} save_,slot_t; 



newer, // pointer to next-most-recently-allocated save slot" 
older; // pointer to next-older save slot 

epc; //saved exception PC/IP 

pew; // saved exception PCW (program control word) 

registers[63]; // save the 63 writeable general registers 

// other words of Tapestry context 
timestamp; //timestamp to detect buffer overrun -\ 
save_slot_ID; // ID number of the save slot -\ 
save_slot_is_f u II ; // full / empty flag 357 

v 359 



■358 
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►356 



save_slot_t* 
save slot t* 



save_slot_head; 
save_slot_tail; 



// pointer to the head of the queue -\ 
// pointer to the tail of the queue -v 379a 
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system initialization 
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HANDLER: x86 TO RISC 
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EPC<1:0> == 00: 
LR — [SP] 
SP — SP + 4 
AP — SP 
SP — SP-8 
SP — SP & (-32) 
XD—0 
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HANDLER: x86 TO RISC 
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HANDLER: RISCTOx86 
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PRORF FVFMT RIT- 
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ITLB PROBE 
ATIBUTE 
OR 
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0.0000 


DEFAULT (x86 TRANSPARENT) EVENT, REUSE ALL CONVERTER VALUES 


YES 




NO 




REUSE EVENT CODE 




0.0001 


SIMPLE x86 INSTRUCTION COMPLETION (REUSE EVENT CODE) 


YES 




NO 




REUSE EVENT CODE 




0.0010 


PROBE EXCEPTION FAILED 


YES 




NO 




REUSE EVENT CODE 




0.0011 


PROBE EXCEPTION FAILED, RELOAD PROBE TIMER 


YES 




NO 




REUSE EVENT CODE 




0.0100 


FLUSH EVENT 


NO 


NO 


NO 


NO 






0.0101 


SEQUENTIAL; EXECUTION ENVIRONMENT CHANGED - FORCE EVENT 


NO 


YES 


NO 


NO 






0.0110 


FAR RET 


NO 


YES 


YES 


NO 


• 


y 
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0.0111 


IRET 


NO 


YES 


NO 


NO 


• 


0.1000 


FARCALL 


NO 


YES 


YES 


YES 


FARCALL 




0.1001 


FARJMP 


NO 


YES 


YES 


NO 


• 




0.1010 


SPECIW.; EMULATOR EXECUTION, SUPPLY EXTRA INSTRUCTION DATA 0 


NO 


YES 


NO 


NO 


• 




0.1011 


ABORT PROFILE COLLECTION 


NO 


NO 


NO 


NO 


• 




0.1100 


x86 SYNCHRONOUS/ ASYNCHRONOUS INTERRUPT W/PROBE (GRP 0) 


NO 


YES 


YES 


YES 


EMULATOR PROBE 




0.1101 


x86 SYNCHRONOUS/ASYNCHRONOUS INTERRUPT (6RP 0) 


NO 


YES 


YES 


NO 


■ 




0.1110 


x86 SYNCHRONOUS/ASYNCHRONOUS INTERRUPT W/PROBE (GRP 1) 


NO 


YES 


YES 


YES 


EMULATOR PROBE 




0.1111 


x86 SYNCHRONOUS/ASYNCHRONOUS INTERRUPT (GRP1) 


NO 


YES 


YES 


NO 


■ 




1.0000 


IP-RELATIVE JNZ FORVWVRD (OPCODE: 75, OF 85) 


NO 


YES 


YES 


NO 


. 




1.0001 


IP-RELATIVE JNZ BACKWARD (OPCODE 75, OF 85) 


NO 


YES 


YES 


YES 


JNZ 




1.0010 


IP-RELATIVE CONDITIONAL JUMP FORWARD - (JCC, JCXZ, LOOP) 


NO 


YES 


YES 


NO 


. 




1.0011 


IP-REIATIVE CONDITIONAL JUMP BACKWARD - (JCC, JCXZ, LOOP) 


NO 


YES 


YES 


YES 


CONDJUMP 




1.0100 


IP-RELATIVE, NEAR JMP FORWARD (OPCODE: E9, EB) 


NO 


YES 


YES 


NO 






1.0101 


IP-RELATIVE, NEAR JMP BACKWARD (OPCODE E9, EB) 


NO 


YES 


YES 


YES 


NEAR JUMP 


V 


1.0110 


RET/RET IMM16 (OPCODE C3. C2 /W) 


NO 


YES 


YES 


NO 






1.0111 


IP-RELATIVE, NEAR CALL (OPCODE: ED) 


NO 


YES 


YES 


YES 


NEARCALL 




1.1000 


REPE/REPNE CMPS/SCAS (OPCODE: A6, A7, AE, AF) 


NO 


YES 


NO 


NO 






1.1001 
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DONE 



864 



IF THIS DESCRIPTOR IS MARKED TO INDICATE THAT ACLONED COPY IS REQUIRED 
(REFLECTING BOTH OPTIMIZED AND UNOPTIMIZED REFERENCES THROUGH THIS SEGMENT 
DESCRIPTOR) 



ELSE 



THEN 

__L_ 



866 



EMIT CODE TO COPY ONE OF THE X86 SEGMENT DESCRIPTORS TO ONE OF THE 
SEGMENT DESCRIPTOR REGISTERS RESERVED FOR TAXi CODE. THE TAXi 
OPTIMIZED LOAD BIT 810 OF THE SEGMENT DESCRIPTOR IS GUARANTEED TO MATCH 

TAXi CONTROL.TIO820 



1 



868 



EMIT CODE TO EXPLICITLY SET THE VALUE OF THE CLONED DESCRIPTOR'S TAXi 
OPTIMIZED LOAD 810 TO THE OPPOSITE VALUE. 



EMIT CODE TO IMPLEMENT THE TRANSLATED HOT SPOT OF THE X86 CODE 



FIG. 8C 
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110 
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130 



ALIGNED x86 INSTRUCTION 



LL 



>C_PC 



I 



j>X86INSTR 



>X86INSTR 




150 



LOOP/REP 
COMPLETION 
LOGIC 



FPJP,FP_OP,FP_DP 



FIG. 9A 



1 L__^RA^TORAfioiTv 
V^LOGIC ONRFE_^^ 



# 



VIRTUAL X86 PROCESS 
311 



X86 EMULATOR 


316 


HANDLER 1: 




RFE 




HANDLER 2: 




RFE 




HANDLER 3: 




RFE 





EMULATOR INTERFACE REGISTERS 



EPC 914 



EFFECTIVE 
ADDRESS 
SIZE 



EFFECTIVE 
OPERAND 
SIZE 



LOCK 
PREFIX 



912 



USER/ 


INTERRUPT 


ISA 


SINGLE 




X86 


FRAC 


EIP 


KERNEL 


ENABLE 


194 


STEP 




COMPLETED 


934 



REPEAT 
PREFIX 



CURRENT 
IP 



NEXT 
IP 



LEN 



OPCODE 



FP 
OPCODE 



SEGMENT 



BASE AND 
INDEX REGS 



DISP 



IMM 



MODRM 



BASE 



INDEX 



SCALE 



FIG. 9B 



# .# 



MNEMONIC 


TYPE 


DESCRIPTION OF SIDE-BAND INFORMATION 


INSTRUCTIONS WITH 
Imm6 FIELD 




THE CONVERTER MAY SUPPLY A FULL 32-BIT IMMEDIATE. 


BRANCHES WITH 
DISPLACEMENT 




THE CONVERTER MAY SUPPLY A FULL 32-BIT DISPLACEMENT. 


LDA/STA 


INTEGER 


A FULL 32-BIT DISPLACEMENT IS SENT ON THE IMMEDIATE BUS; THIS IS ADDED TO 
SRC1 TO COMPUTE THE OFFSET FOR SOME ADDRESSING MODES. 


CJcond 


INTEGER 


THE CONVERTER MAY SPECIFY A 16 OR 32-BIT ADDRESS SIZE IN PAFIALLEL WITH THIS 
INSTRUCTION (A32-BIT DISPLACEMENT MAY ALSO BE PROVIDED). 


CJcond 


INTEGER 


THE CONVERTER MAY SPECIFY A 16 OR 32-BIT ADDRESS SIZE IN PARALLEL WITH THIS 
INSTRUCTION. A 32-BIT DISPLACEMENT MAY ALSO BE PROVIDED. 


FROMPR 


INTEGER 


3-BITS OFTOS (TOP-OF-STACK) ARE SENTONTHE IMMEDIATE BUS IN PARALLEL WITH 
THIS INSTRUCTION FOR USE BY THE FNSTSW INSTRUCTION CONVERTER SEQUENCE. 


LEA 


INTEGER 


A 6-BIT INDEX REGISTER SPECIFIER, A 32- BIT DISPLACEMENT, AND A 2-BIT SCALE 
FACTORARE PASSED FROM THE CONVERTER AS ADDITIONAL INPUTTO THE HARDWARE IN 
ORDER TO FORM ACOMPLETEx86 ADDRESSING MODE. 


LDAI 


INTEGER 


A 6-BIT INDEX REGISTER SPECIFIER, A 32- BIT DISPLACEMENT, AND A 2-BIT SCALE 
FACTORARE PASSED FROM THE CONVERTER AS ADDITIONAL INPUT TO THE HARDWARE IN 
ORDER TOFORM A COMPLETE x86 ADDRESSING MODE. ADDITIONALLY, A SECOND 
DESTINATION REGISTER IS PASSED AS THE DESTINATION OF THE ADDRESS 
AUTOINCREMENTMODE. 


LOOP.LOOPZ, 
LOOPNZ 


INTEGER 


THE CONVERTER MAY SPECIFY A 16 OR 32-BIT ADDRESS SIZE IN PARALLEL WITH THIS 
INSTRUCTION. A32-BIT DISPLACEMENT MAY ALSO BE PROVIDED. 


STAI 


INTEGER 


A6-BIT INDEX REGISTER SPECIFIER, A 32- BIT DISPLACEMENT, AND A2-BIT SCALE 
FACTORARE PASSED FROM THE CONVERTER AS ADDITIONAL INPUTTO THE HARDWARE IN 
ORDER TO FORM A COMPLETE x86 ADDRESSING MODE. ADDITIONALLY, A SECOND 
DESTINATION REGISTER IS PASSED AS THE DESTINATION OF THE ADDRESS 
AUTOINCREMENTMODE. 


PSHUFW 


MMX 


ONLY6 BITS OFTHE Imm8 ARE STORED IN THE INSTRUCTION. THE REMAINING TWO 
BITS ARE CREATED BYTHE HW CONVERTER. 


FLDA 


FPEP 


A6-BIT INDEX REGISTER SPECIFIER ANDA32- BIT DISPLACEMENT, AND A 2-BIT SCALE 
FACTORARE PASSED FROM THE CONVERTER AS ADDITIONAL INPUTTO THE HARDWARE IN 
ORDER TO FORM A COMPLETE x86 ADDRESSING MODE. 


FTST 


FPEP 


1-BIT OF STO VALID IS SENT ON THE IMMEDIATE BUS IN PARALLEL WITH THIS 
INSTRUCTION. 


FSTA 


FPEP 


A6-BIT INDEX REGISTER SPECIFIER ANDA2- BIT SCALE FACTORARE PASSED FROM THE 
CONVERTER AS ADDITIONAL INPUTTO THE HARDWARE IN ORDER TO FORM A COMPLETE 
x86 ADDRESSING MODE. 


FXAM 


FP FP 

IT El 


1 BIT <!TO VAI ID 1*5 PAS<?FD ON THF IMMFDIATF BUS 

i ui i ui y_vnLiL/ io rnooLU uii i nt iiviivill/iai l duo. 


INSTRUCTION 
CONTROL 




INSTRUCTION BOUNDARY INFORMATION: 

-START OF INSTRUCTION OR STRING ITERATION 

-LAST OF SEQUENCE 

-FP DP/,,, INTERNMENT CONTROL 

-FP TAG MAP INTERNMENT CONTROL 



FIG. 9D 



X86 instruction PUSHAD 
Temp:= (ESP) 
Push(EAX) 
Push(ECX) 
Push(EDX) 
Push(EBX) 
Push(Temp) 
Push(EBP) 
Push(ESI) 
Push(EDI) 



954 
951 



955- 



Native Instruction Recipe 



950 



FIG. 9E 



MOV.64 
STOREDEC.X 
STOREDEC.X 
STOREDEC.X 
STOREDEC.X 
STOREDEC.X 
STOREDEC.X 
STOREDEC.X 
MOV.64 

952^ 



tmp_d, ESP /* copy working SP to temp V 
^EAX.SS.tmpjK 
ECX,SS,tmp_d ^953 
EDX,SS,tmp_d 
EBX,SS,tmp_d 
ESP,SS,tmp_d 
EBP,SS,tmp_d 
ESI,SS,tmp_d 
EDI,SS,tmp_d 

ESP,tmp_d I* commit new SP*/ 



IDIOM 


USAGE 


LOAD /OP [/STORE] 


LOAD DATA 


COMPLEX ADDRESS CALCULATION 


COMPUTED OFFSET 


MOV mem, [DEFGSJS / PUSH [DEFGSJS 
(SELECTOR PUSH/STORE) 


SELECTOR (PROCESSOR REGISTER NOT DIRECTLY 
ACCESSIBLE BY STORE INSTRUCTIONS) 


PUSHA (PUSH ALL) 


INTERMEDIATE STACK POINTER; COMMIT AT END 


POPA(POPALL) 


INTERMEDIATE STACK POINTER; COMMIT AT END 


MOV mem, Imm/PUSH Imm 


INTERMEDIATE (NOT AVAILABLE AS AN OPERAND TO 
STORE INSTRUCTION) 


MULTIPLY 


INTERMEDIARY TO CONNECT CONTIGUOUS NATIVE 
REGISTER PAIR TO X86 REGISTER PAIR 


DIVIDE 




XCHG 


THE CLASSIC USE OF ATEMPORARY! 


POP mem 


STACK POINTER UNTIL MEMORY OPERATIONS ARE FINISHED 











FIG. 9F 
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961 



X86 instruction ADD r/m8,r8 
DEST:= DEST + SRC; 



962- 
963- 



964-^ 

FIG. 9G 



Native Instruction Recipe 
- LDA.b.write_intent tmp_d,Seg.Base,Base 
"ADD.b tmp_d,tmp_d,reg 
STA.b tmp_d,Seg.Base,Base 



967 

X86 instruction CALL r/mX I* near absolute call */ 
IF target instruction pointer is not within code segment limit 

THEN #GP(0); Fl; L968 
IF stack not large enough for a 4-byte return address 

THEN #SS(0); Fl; L 9 69 
Push(EIP); 
EIP := EIP + DEST; 



FIG. 9H 



976 



X86 instruction CALL re1X I* near IP-relative call 7 
IF target instruction pointer is not within code segment limit 

THEN #GP(0); Fl; 
IF stack not large enough for a 4-byte return address 

THEN #SS(0); Fl; 
Push(EIP); 
EIP := EIP + DEST; 

FIG. 91 



9J0 



Native Instruction Recipe 
LOAD.Iimit.check rO,CS:reg_d 

L 971 
972 

STOREDEC.X IP.SS.ESP 
JR reg_d 

^-973 



Native Instruction Recipe 



977 

STOREDEC.X IP.SS.ESP 
JR reg_d 
^-978 



980 981 

/ / 

X86 instruction LOOP imm8 Native Instruction Recipe 

Count := ECX; 

Count := Count -1; DEC.X ECX, ECX 

IF (Count ==0) \ 

THENBranchCond:=1; 

ELSE BranchCond : = 0; 

Fl; CJNE ECX,rO,imm8 



IF (BranchCond == 1) 
THEN 

NextElP := NextElP + SignExtend(DEST); 

IF target instruction pointer is not with code segment limit 

THEN 

#GP(0); I* ECX not modified */ 
ELSE 
ECX := COUNT; 
EIP := NextElP; 

Fl; 
ELSE 
ECX := Count; 

Terminate loop and continue program execution at EIP; 
Fl; 

FIG. 9J 



^-983 



986 

X86 REPNZ MOVS 
WHILE ECX*0 
DO 

service pending interrupts (if any); 
execute associated MOV instruction; 
ECX:=ECX-1; 
IF ECX = 0 

THEN exit WHILE loop; 
IF ZF = 1 

THEN exit WHILE loop; 

Fl; 
OD; 



987 
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989-^ 
991 



989 



989 



LDA.D 


tmp_d, src++ 


STOREINC 


dest++,tmp_d 


JNZ 


predicted not taken 


LDA.D 


tmp_d, src++ 


STOREINC 


dest++,tmp_d 


JNZ 


predicted not taken 


LDA.b 


tmp.d, src++ 


STOREINC 


dest++,tmp_d 


JNZ 


predicted not taken 



FIG. 9K 



